Vendor CVEs
IBM
All CVEs
8,287 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2281 |  |  | 0.00 | — | 0.02 |  | Dec 31, 2004 | Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. |
| CVE-2004-2663 |  |  | 0.00 | — | 0.02 |  | Dec 31, 2004 | The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder. |
| CVE-2004-2558 |  |  | 0.00 | — | 0.02 |  | Dec 31, 2004 | Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace… |
| CVE-2004-2270 |  |  | 0.00 | — | 0.00 |  | Dec 31, 2004 | Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. |
| CVE-2004-2634 |  |  | 0.00 | — | 0.00 |  | Dec 31, 2004 | The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors. |
| CVE-2004-2667 |  |  | 0.00 | — | 0.01 |  | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2004-0253 |  |  | 0.00 | — | 0.02 |  | Nov 23, 2004 | IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. |
| CVE-2004-0263 |  |  | 0.00 | — | 0.03 |  | Nov 23, 2004 | PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. |
| CVE-2004-0243 |  |  | 0.00 | — | 0.02 |  | Nov 23, 2004 | AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. |
| CVE-2004-0828 |  |  | 0.00 | — | 0.00 |  | Nov 3, 2004 | The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. |
| CVE-2003-1049 |  |  | 0.00 | — | 0.00 |  | Sep 28, 2004 | IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. |
| CVE-2002-1583 |  |  | 0.00 | — | 0.00 |  | Sep 28, 2004 | Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. |
| CVE-2004-1663 |  |  | 0.00 | — | 0.04 |  | Sep 4, 2004 | Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. |
| CVE-2004-1372 |  |  | 0.00 | — | 0.00 |  | Sep 1, 2004 | Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. |
| CVE-2004-0545 |  |  | 0.00 | — | 0.00 |  | Aug 6, 2004 | LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2004-0684 |  |  | 0.00 | — | 0.02 |  | Aug 6, 2004 | WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters. |
| CVE-2004-0669 |  |  | 0.00 | — | 0.02 |  | Aug 6, 2004 | Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command. |
| CVE-2004-0586 |  |  | 0.00 | — | 0.04 |  | Aug 6, 2004 | acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods. |
| CVE-2003-0257 |  |  | 0.00 | — | 0.00 |  | Apr 15, 2004 | Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges. |
| CVE-2003-1018 |  |  | 0.00 | — | 0.00 |  | Mar 29, 2004 | Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors. |
| CVE-2003-0170 |  |  | 0.00 | — | 0.03 |  | Mar 29, 2004 | Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors. |
| CVE-2003-0119 |  |  | 0.00 | — | 0.02 |  | Feb 3, 2004 | The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. |
| CVE-2004-1759 |  |  | 0.00 | — | 0.02 |  | Jan 21, 2004 | Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. |
| CVE-2004-1760 |  |  | 0.00 | — | 0.04 |  | Jan 21, 2004 | The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. |
| CVE-2003-0696 |  |  | 0.00 | — | 0.01 |  | Jan 20, 2004 | The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). |
| CVE-2004-0029 |  |  | 0.00 | — | 0.00 |  | Jan 20, 2004 | Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. |
| CVE-2003-1527 |  |  | 0.00 | — | 0.01 |  | Dec 31, 2003 | BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. |
| CVE-2003-1447 |  |  | 0.00 | — | 0.00 |  | Dec 31, 2003 | IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. |
| CVE-2003-0954 |  |  | 0.00 | — | 0.00 |  | Dec 31, 2003 | Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges. |
| CVE-2003-1282 |  |  | 0.00 | — | 0.01 |  | Dec 31, 2003 | IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that… |
| CVE-2003-0914 |  |  | 0.00 | — | 0.03 |  | Dec 15, 2003 | ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. |
| CVE-2003-0836 |  |  | 0.00 | — | 0.02 |  | Nov 17, 2003 | Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command. |
| CVE-2003-0837 |  |  | 0.00 | — | 0.02 |  | Nov 17, 2003 | Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command. |
| CVE-2003-0784 |  |  | 0.00 | — | 0.02 |  | Oct 6, 2003 | Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers. |
| CVE-2003-0827 |  |  | 0.00 | — | 0.01 |  | Oct 6, 2003 | The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523. |
| CVE-2003-0697 |  |  | 0.00 | — | 0.00 |  | Oct 6, 2003 | Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges. |
| CVE-2003-0580 |  |  | 0.00 | — | 0.01 |  | Aug 18, 2003 | Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument. |
| CVE-2003-0285 |  |  | 0.00 | — | 0.05 |  | Jun 16, 2003 | IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam… |
| CVE-2003-0181 |  |  | 0.00 | — | 0.02 |  | Apr 2, 2003 | Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. |
| CVE-2003-0180 |  |  | 0.00 | — | 0.03 |  | Apr 2, 2003 | Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. |
| CVE-2002-1551 |  |  | 0.00 | — | 0.00 |  | Mar 31, 2003 | Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code. |
| CVE-2002-1550 |  |  | 0.00 | — | 0.00 |  | Mar 31, 2003 | dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2002-1548 |  |  | 0.00 | — | 0.00 |  | Mar 31, 2003 | Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called." |
| CVE-2003-0123 |  |  | 0.00 | — | 0.03 |  | Mar 18, 2003 | Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. |
| CVE-2003-0064 |  |  | 0.00 | — | 0.03 |  | Mar 3, 2003 | The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker… |
| CVE-2002-1686 |  |  | 0.00 | — | 0.01 |  | Dec 31, 2002 | Buffer overflow in lscfg of unknown versions of AIX has unknown impact. |
| CVE-2002-1654 |  |  | 0.00 | — | 0.03 |  | Dec 31, 2002 | iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force… |
| CVE-2002-1690 |  |  | 0.00 | — | 0.01 |  | Dec 31, 2002 | Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225. |
| CVE-2002-2025 |  |  | 0.00 | — | 0.02 |  | Dec 31, 2002 | Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to… |
| CVE-2002-2014 |  |  | 0.00 | — | 0.02 |  | Dec 31, 2002 | Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks. |